Overview

overview

10

Static

static

3

JaffaCakes...e0.dll

windows7-x64

10

JaffaCakes...e0.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    67s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    04-01-2025 05:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_77fd32df1f107d7323557779f2f7d4e0.dll

  • Size

    748KB

  • MD5

    77fd32df1f107d7323557779f2f7d4e0

  • SHA1

    6f9e7a716568a9a03a1b52422d2e725b4a21fa22

  • SHA256

    9c79051f4ff7ef6b62b93e2534658e873da248b3eb157ec7f58b435567ca3e0a

  • SHA512

    560304bb75c6d12e4a5848df48cceba03ebfec5197d2b7c4ea35754dfcb0936da14f29008243197411827b4f18ce2dcd3138c9ad2e3afbe7423ec2331910024c

  • SSDEEP

    12288:+Fqi2VC1J7Zs7a5zchr46CIfsyZmGyYCqeCYT9rr1YrqILm:+Ui2C1JdoiEdmGyYuDRrZYBLm

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_77fd32df1f107d7323557779f2f7d4e0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_77fd32df1f107d7323557779f2f7d4e0.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2596
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2616
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2876
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2848
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2924
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e77fb13c17c8afce21df9ddfac7815fd

    SHA1

    0d59d8582ee5d73b8dac7acea7761c6eb2e6c213

    SHA256

    e7e6d71fa3c1ec34b680ef7b65bea025cba8fdde263c16622691b62b68aad928

    SHA512

    1de8b2746f7f166a5813dffdd7ae2c99c2f79068aa323fb31ae079379dcafe9854bb15786ae38e13b6c213353f7441d884699c4a5f7c7c11389c99b9cb5b5584

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6db1a6fdbc4bba49d62b338270d619c3

    SHA1

    568ca0b41f3728a1897a1a2b3b13b8a0dc3bbce1

    SHA256

    94870e8ea30ba15b9bac1c87b956167ff425aeadf09bde693fe3806d5ea0b84e

    SHA512

    a46c58c85b2ac7219274d983751b3919376593b0e7422a6859aa6c9d1a0b49b30b4aa0f8f298081ac10be7752e2c9d1dc650b44033b2698924f9dd7bf9c38e64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b01ca187067ba3fd9b8735c82ce21266

    SHA1

    6a8982882f764e0187d38bbe19ed3879429947ab

    SHA256

    84bd099c87097d320ae337ffb50db92742a8032fd02fb8a29a74af691ae96585

    SHA512

    8192213a0d903d68174b82c55cdffac8ee9afe8efe057102da2039b522bd07659fcce503fa8753887a7ff9a8af399b94c6e9d113deff1e2ea69535e945159865

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7af81ea96d6fefc9a73326e5aa686b14

    SHA1

    87dbc1a0d981cba7e5a799d45e4ce69a8f1960c5

    SHA256

    314506fc3b0f1aaa251f9cb42bc3657b033259b2d5f543d69a97891984868332

    SHA512

    663de1c6463a0c370267f149b5f7f5ff5628479c3c7353dd3312dc69af6664966143b872c33930baad71b79cf7b6da9566c3863b01524f6b68352a4bc45823e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    841a51bebad46ce685e5483eab4c5cf9

    SHA1

    c1d54d208628bea659068b4041f001567d420b11

    SHA256

    c1b39eaa7d281c0be9572113bae4bbd1510d4a3cb0d80d482f3323499bb5469d

    SHA512

    a3c8c2d32bc43659bc6b33681953c560c7b468c5068779264551362e2c9c6cc965f4061e893b6d9dd209ffc25e322c8aa23fe46476b4c107ebc832388443582f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93a085ce818da67d3f438ff558287bf5

    SHA1

    87725a642f77af6a686c35a51b0f30a373101d33

    SHA256

    1d03a70bff62ecb29a9483f6cfc62bcab2ac6966852f0c8804f3d102b8ac7541

    SHA512

    24cfdeb60a6b7253a7810c06ca60244dc3254e5848cf95ea78cc2bfa9091be2464ea93c01489f7abe037145a38ba3a89096fbe2176b98ff2d057be94dac3249d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    064cbc1f0cabf102db9b358a0f319ee4

    SHA1

    a113fef22b6cbc227a0e8700032605a79285e714

    SHA256

    32ebb0bb2f86c78352ee3aec07d84b350c13e4f6b905611a96253a63fd1656b8

    SHA512

    20d0e12b9d0dd6c43acbce16350f2bc36b657f783330c5f60e4a0064d0d8c15d9b3ccdc11e972fe1b92304a4f83c10ca53e9eb753b557805bbd911c7d47b7a27

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7eedbf734e553173417dd8913b6771c8

    SHA1

    2923f8f38a2d88fe9bb446e1e8204063c11c0735

    SHA256

    3a14100e3d6bad41dca43323565410041f6814d90fc1d92e8b97b9f71b752ab0

    SHA512

    c813583c646ee3a2a8eb589dc0cd5a1296fad7b8684fc9f8b99943f9c1a9e0881d85228e6bb80c6dac3cbb75d4250a7368d722a62399021174e52800b7ba7e29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb4e0ad81af1a2bdcde861b97aa32bc7

    SHA1

    40dd0780a101bc1b7563fcb073ba14be6c99084e

    SHA256

    48468bc51e45df3819a390efde1d0cd1119cd24ef3ebc4725311acaa7691f70a

    SHA512

    e45913360ef501cbdd98863ad3fc2cb4f5263dbe0fd0bb1b9be42684ec54fd97ea5baffcb5b92707b9673083ffbc281f4b4e4cc3486eed69cfa1ff1b602b7b5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9109a8d78ba5d03f2b1003836282a3ea

    SHA1

    8eb4febcb5b12263508673b62cd84d6bd88f6225

    SHA256

    eb76aaeb3e6c96a8e1037a4db63943c413a6e329cf9694119a3232751d94eab1

    SHA512

    8d2a4dd0c460218c9cff2fceb58bb8283e8e8515897bf3bc6e2d4cfad08b61738e70ef71bccb1ec1d5b53ac0e494b762e68983879c2c75ef323e41c0b3521502

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a7e3dedadc566c935bdc7b0c8df4821

    SHA1

    a35a9e46d537aa215b62c9b5c216e4fe2528a73e

    SHA256

    b89432e0c125ea4549fc84a38df7f91ed9721413a1c54c74f30a486ebed0fba5

    SHA512

    6567beb1f3982d635faaac73d7e6b92f5f36dfc4e84a37d85a3d6ffc0e8cd81619c73fb9782ee16199576577fcdaed7c9c0c346650d0234cd66689450fb58432

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be0fa436e3e0f38d12b80aa010a9570a

    SHA1

    8369bda7d1801d5ca79be9306c02d8bd1155e552

    SHA256

    365fe2d6e334539988d93517142810b2dc73b1dfeb895180a53528d418f933b5

    SHA512

    47330e2163ceedfbe819434c2fe6f5c53ef9c488c220a60b6d61bf86984291a9884bf6b49f0041c133d4328c6f0605fb61f6e5870da78780ea97bb2e6d1edd81

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9252efb4993cc0101595f85c910d1c2

    SHA1

    edababbaae61236243308cb477337b27ea07230f

    SHA256

    9efdefef9c3817469c1f2c58d510462081f45af048a131b4bab9f5df91460dc1

    SHA512

    a16ae89d546607617c3665392387e8e145f720c2d01c7726838dfdaa6c076e820b0c0e406f536c6be2fb54d277a84c9cceaa14c57db1d4bc807a952dad7d39ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2a1a2411d5d30f12ac5a6001feb26d7

    SHA1

    21552f00e4da4c847645910a08fcef9bc97d5103

    SHA256

    7b55621d98371725b449437e20eccef046d6355d35d6c8949351112a84ab7a32

    SHA512

    6885e64e3bf4dbd9e030089a94cf065c9e3173e7c3fa900aefdde564fde00eaf6bbfe7ef9b96bbb2df678a091f299bea895f9611326918b8a41059c6505ca4bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    283957b2bcff50231b6817efd4200359

    SHA1

    4372eb849a21a6327ad7ada542ce72134cbc508f

    SHA256

    401f2f35bb85d6996835ee5b8cf5e7708b7faa84d87c7250ae1961dd6ca31261

    SHA512

    ea31eeb0dc7aee3beffe7fd39fcad3656c87c3bdc5004541b97a80f77ebe11268591e632d70e1151a3297919ec9bdd7dc7d64d73c6408931f2948bd825c42c85

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e16a56d21c529c7dae968e88cb588be9

    SHA1

    7932b2ac4031edf972611d6690846cb8f041d0c2

    SHA256

    f497ef53dfdd93acf2b55949b5054ffe418829c8f75b30dc3a2a75c9439f8fe4

    SHA512

    e332fa3c54a57eb0d2b66072e18dd5aa87549babfcc0d3e536875012722a256d3ae4ac896f8d3f06c2b5a44b78e7dcab680c5f8569bef61c7421962647bf15aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1fd1bf8cb0d862f3969d9b7bbadeffe

    SHA1

    5e88427e2cfdecaa743cb635b8da6dd910b61c81

    SHA256

    9100ce68c6eff09f5b3c9f819eaed1c2d82cd9ecc81e593ad9d1aed279a32b40

    SHA512

    61d176c6e7e31a5b0ea9cb53ac28d12fa9e299183aa127b46ae6137b03ff77966a0e9a3f54ca27c4104b7390b146d8ca1ae21a401155faf51e23f2cc15947e51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92383c677550746d2a0389b8e5e3f2c7

    SHA1

    a24562c2803db1eea3fb953e907ae8b630cf8706

    SHA256

    2680321e86a36e42f717a55ae4c658d046d52b6a6fb65e859803a6e77930dce9

    SHA512

    3aaa768c5afb74769fad33d99ae47b968830cbf876794fbd355831c12d9e84c59e5176600566f6566c0e581761552b1138cc5efbda708e08ff4a47a040e4ab35

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c03f42cf0e79b8c24fb64340febd7cc

    SHA1

    32923d0168981234bc0258979215a6fd5ff0542a

    SHA256

    97a25ee8b31a5112be1401766319e4be527bcb58da728e8d32a57781b150fac3

    SHA512

    3641d0e462b5531a102ac71caac81ea1c4e3e435bf917a770f9ce4fe62a5ca8e52a3593a9ff89751c50d75873bc6b5e49bd16443ed92bd53e3f3252458c12dfa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    305f91dccfb5bbff963b1f756ad46805

    SHA1

    31733dfffdbf90ab96bd6dd5313ee6828ad72028

    SHA256

    1d6cd0fb0c57c3c97ccdb28bb11fe52e7c10125f55dd4d5623a03ec15b5c70e3

    SHA512

    d9ab5c2152b3ae381011619ac4bffbf0d1f0a98fd45bfa110d08a2d8cf5b654803e3919682a7ee98f9b4857836d17359f6e7bae1568a188ce87b23f87d3acfcd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{61FD6111-CA5F-11EF-AC25-4298DBAE743E}.dat
    Filesize

    4KB

    MD5

    00227f1d828952d1dde328d22ff5b6f9

    SHA1

    790782f230beb7f4dac068d4323fd026c7896dc1

    SHA256

    b88833588bd8bda55c1e7164dda0bcf575563fd4a61162030251380f5e5959c1

    SHA512

    4463f4d84f708524962e862210830ae910347ad3f1474da16520ad655c8b5762cb63ad45e320eddbad5a73a23c8cd684f4403bf78deeb5f451644fd3332593e3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{61FFC271-CA5F-11EF-AC25-4298DBAE743E}.dat
    Filesize

    5KB

    MD5

    bd16362a7c4280f13605df679a5fa4af

    SHA1

    bdf0752356db6b651c8b3e80bd7f2b9bd1484f28

    SHA256

    d3ebe25f9ba56f19f6eb680e3c84afa21608c5cd06e7e0872fcab280da6827a2

    SHA512

    f4a9bcf960d171a7e2fbac07b16a02cae66cea2d819b3c6ee59d7fa129f0df4f0924c2199f31765e1c8e863c50c81e581b72c8f56c5ccd3b0db0b09a830d472a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1FC2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2034.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32mgr.exe
    Filesize

    133KB

    MD5

    97aa362a4243ce01fac7c3841eb1e05f

    SHA1

    de9990e0307f3d9c35c5d80af3c61fa289f5ff5f

    SHA256

    86e3e7dc9cafd72776d32eb551e0c4ee69414037480024a2667843d621860502

    SHA512

    07eadb6cdc08d9fe1c4998a9a4430d770603fe28235eebf5712ef2494aaa0c3e4a2042231ed2b62a5ae6580d3a7b551c03658c50d695f4793dbf508637c8d181

    Download Submit

  • memory/2596-1-0x0000000074670000-0x000000007472D000-memory.dmp

    Filesize

    756KB

    Download

  • memory/2596-9-0x0000000074670000-0x000000007472D000-memory.dmp

    Filesize

    756KB

    Download

  • memory/2596-10-0x00000000001D0000-0x000000000023A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2596-11-0x00000000745B0000-0x000000007466D000-memory.dmp

    Filesize

    756KB

    Download

  • memory/2596-12-0x00000000001D0000-0x000000000023A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2596-4-0x00000000745B0000-0x000000007466D000-memory.dmp

    Filesize

    756KB

    Download

  • memory/2616-14-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2616-18-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2616-17-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2616-16-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2616-15-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2616-19-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2616-23-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2616-20-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download